448 Final
According to Ralph Langner, in the lab Stuxnet behaved like "a lab rat that didn't like the cheese" "a crazed caged monkey" "a monkey that stole all of the bananas" "Dr. Jekyll and Mr. Hyde"
"a lab rat that didn't like the cheese"
Availability & Reliability
service denial and data loss - can be compromised by denial of service attacks (DOS)
Annualized Loss Expectancy (ALE)
single loss expectancy * annualized rate of occurrence
Exposure Factor (EF)
a measure of the magnitude of loss or impact on the value of an asset (0-100%)
Quantitative 1. attempts to assign independently objective numeric value to all elements of the risk analysis 2. does not attempt to assign numeric value, but is scenario oriented
1. attempts to assign independently objective numeric value to all elements of the risk analysis
Private IP addresses
10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255
Put the following items in the correct order for the flow of an incident on the ITIL service support side: Incident management Change management Release management Service desk
2 3 4 1
Qualitative 1. attempts to assign independently objective numeric value to all elements of the risk analysis 2. does not attempt to assign numeric value, but is scenario oriented
2. does not attempt to assign numeric value, but is scenario oriented
Three methods of authentication are presenting something: 1. you wear, you have, you see 2. you wear, you have, you are 3. you know, you have, you are 4. you know, you have, you see
3. you know, you have, you are
Goal of Stuxnet was to find: 1. a programmable logic computer 2. the security system of Iran's nuclear facility 3. a computer used to program a programmable logic computer
3. a computer used to program a programmable logic computer
HTTP port with TLS
443
How many TCP ports are there? 42 128 65,535 165,342
65,535
What was Mirai?
A DDOS attack using IoT devices that targeted DynDNS, making users unable to access sites like Netflix and Reddit by URL
What is a DDOS attack?
A distributed denial of service attack is typically carried out by a botnet consisting of thousands of infected (zombie) computers which simultaneously send traffic to the targeted site.
Which of the following is true about Symmetric multiprocessing? Select all that apply. A single copy of the OS is in charge of all the processors Data paths allow messages to be sent between the processors Can have its own memory (not usually own OS) The processors share memory and the I/O bus
A single copy of the OS is in charge of all the processors The processors share memory and the I/O bus
How does an SQL Injection Attack work?
A user finds vulnerable user inputs in a page and enters SQL commands into the fields. These commands are executed and can cause the databases to be manipulated differently than how the developer intended. The attacker can edit data or find user credentials.
The basic idea of _____ is to make every computer on the network believe that you are the Router. ARP Poisoning WEP a Smurf attack DDOS
ARP Poisoning
What security risk can be associated with interrupt processing? a. An interrupted process may assume the priority of the higher-level process b. A low-level process may time out before completion c. An interrupted process may lose data integrity d. A higher-level process may not receive sufficient CPU cycles
An interrupted process may assume the priority of the higher level process
Which networking technology was the first mainstream method for connecting to the Internet? Cable modem Digital Subscriber Line Analog dial-up Wi-Fi wireless broadband
Analog dial-up
When monitoring a system for anomalies, the system is measured against __________. Baseline Logs Security policy Results of the penetration test
Baseline
________ are helpful when configuring new computers or devices as well as for comparing with existing systems to see if they still meet the minimums. Policies Standards Baselines Guidelines
Baselines
What method does TrueCrack use?
Brute force
According to the lecture BCP stands for:
Business continuity plan
Which certification requires 5 years of Computer Security related work experience?
CISSP
What is the central repository for all configuration items? ODBC CMDB SDLC ITIL
CMDB
Which of the following is true about Massively parallel processing? Select all that apply. The processors share memory and the I/O bus Can have its own memory (not usually own OS) A single copy of the OS is in charge of all the processors Data paths allow messages to be sent between the processors
Can have its own memory (not usually own OS) Data paths allow messages to be sent between the processors
What "high tech" instrument did people use to break into phone systems?
Captain Crunch Whistle
Which one of the following is NOT an effective control against SQL injection attack? Limiting database permissions parameterization Client-side input validation escaping
Client-side input validation
What is a CVE and what purpose does it serve?
Common Vulnerabilities and Exposures (CVE); provides a reference method for publicly known security vulnerabilities and exposures.
Which type of memory outputs on both the rising and falling edges of the clock cycle?
DDR SDRAM
What was the first US Data encryption standard? RSA DES MD5 RC4
DES
Which of the following is the correct description of DES? a. DES encryption employs an asymmetric key using a block cipher and a 128-bit key for encryption b. DES encryption employs a symmetric key using a block cipher and a 128-bit key for encryption c. DES encryption employs an asymmetric key using a stream cipher and a 56-bit key for encryption d. DES encryption employs a symmetric key using a block cipher and a 56-bit key for encryption
DES encryption employs a symmetric key using a block cipher and a 56-bit key for encryption
What is "wardriving"? 1. The name of a virus that infects printer drivers. 2. Driving around looking for susceptible ATMs that the attacker can attach a card skimmer to. 3. Driving around looking for unencrypted wireless access points. 4. Is the successful hijack of a smart car through the system's on-board computers.
Driving around looking for unencrypted wireless access points.
Which of the following is an example of a store-and-forward communication? E-mail Presence/availability Videoconferencing Audio conferencing
What is the act of an unauthorized person intercepting and reading packets that flow across a network? Eavesdropping/sniffing Replaying Hijacking None of the above
Eavesdropping/sniffing
Which of the following is the most effective countermeasure to social engineering?
Employee education
You would use the following software development model when detailed requirements specification cannot be formulated in advance: a. Guess and Compile method b. Extreme programming c. Prototyping d. Exploratory programming
Exploratory programming
If you encrypt a message using your public key, you should give the person you are sending the message to your private key so that they can decrypt the message. True or False
False
Which of the following is NOT true about asymmetric cryptography systems? a. One side uses a public key and the other uses a private key b. Uses a variable-length key c. Faster than symmetric cryptography d. Provides authentication and nonrepudiation
Faster than symmetric cryptography
A network mapper (Nmap) uses __________ packets to ping a computer in order to see if it is operational.
ICMP
What type of system detects but does not stop an intrusion? IDS Log firewall IPS
IDS
What type of system actively stops an intrusion? Log firewall IPS IDS
IPS
Which group offers the CISSP certification?
ISC
Which certification doesn't require any Computer Security related work experience?
ISC Associate
What is the most widely accepted approach to IT service management in the world?
ITIL
IoT devices typically have limited resources (small amount of memory, processing power, and bandwidth). Why have attackers focused on using IoT for their botnets instead of several powerful servers with huge bandwidth?
IoT devices rarely have firewalls in their OS, so they're much easier to control than powerful servers; it also makes it harder to track the attack when the traffic is coming from so many devices.
Which of the following biometric methods obtain the patterns and colors around a person's pupil? Retina pattern Pupil identifier Eye pattern recognition Iris scan
Iris scan
According to the video what is the syntax for a SQL injection attack that will return all of the users from the table?
Jerry' or '1' = '1
Which one of the following is NOT an effective control against SQL injection attack? escaping Client-side input validation parameterization Limiting database permissions
Limiting database permissions
Which of the following is a SIEM? WebSecure Snort none of these LogRhythm
LogRhythm
The three creators of RSA worked at which University? MIT Cal Tech Harvard Stanford
MIT
What is the main reason that finance led the incident count the year of the report? 1. There were several very large and successful attacks against credit card processing companies 2. Mainly due to a large number of ATM skimming incidents 3. Mainly due to a large volume of DOS attacks targeting the financial industry 4. Most attackers are motivated by financial gain and therefore most of their targets are in the finance industry
Mainly due to a large number of ATM skimming incidents
Select all of the following that are true about Mirai: Mirai was a botnet that consisted of IoT devices. Mirai was successful in bringing down DYN DNS. Mirai was a DOS attack. Mirai leveraged zero day vulnerabilities to gain access to devices.
Mirai was a botnet that consisted of IoT devices. Mirai was successful in bringing down DYN DNS.
Which technique to control the use of the system's resources is described as: The ability of an operating system to execute different parts of a program simultaneously. Multicontrol Multiprocessing Multithreading Multitasking
Multithreading
The main target of Stuxnet was: Equifax Natanz nuclear facility Dyn DNS Microsoft Windows systems
Natanz nuclear facility
The following tools were used in the labs to perform reconnaissance:
Netcat Nmap Metasploit
With a Kerberos system does the user's password ever get passed across the network? No, the user's password is only used to access the Kerberos client software running on the user's PC. No, the user's password is stored in the KDC. The user's password is authenticated when the KDC uses the password to decrypt the authenticator, which was encrypted by the user with their password. Yes, but it is encrypted with a Session Key as it is sent to a resource that the user is attempting to access. The resource decrypts the password with the shared session key. Yes, it is sent within the Authenticator which is encrypted when it is sent to the KDC. The KDC decrypts the Authenticator by using a shared secret key.
No, the user's password is stored in the KDC. The user's password is authenticated when the KDC uses the password to decrypt the authenticator, which was encrypted by the user with their password.
Annualized Rate of Occurrence (ARO)
frequency with which a threat is expected to occur per year (not probability); amount of times / amount of years. Ex: 50 times in one year: 50/1 = 50; once in ten years: 1/10 = .1
What is the name of the not-for-profit worldwide charitable organization focused on improving the security of application software that we discussed in class?
Open Web Application Security Project
Which of the following types of authentication is the most common method and also the weakest? Token Password Fingerprint PIN
Password
What is the name of one of the computer security podcasts/videos that I showed in the lecture?
PaulDotCom
What technology solution blocks outbound access to certain websites or services? Proxy server UTM NAT DMZ
Proxy Server
What type of classical cipher do you think was used to create the following ciphertext: HWEOLRLLOD
Railfence
In this class you followed the steps typically taken by a penetration tester. What were all of the steps that you followed and the tools that you used for the simulated pen test? Make sure to describe what you used each tool for and the information gained from using the tool.
Reconnaissance - Zenmap Identify Vulnerabilities- OpenVAS Gain Access- Metasploit
Which algorithm did NIST choose to become the Advanced Encryption Standard (AES) replacing DES? a. Twofish b. DEA c. Rijndael d. IDEA
Rijndael
What is the last name of the professor representing the "R" in RSA?
Rivest
Which group offers Computer Security training (including a Masters program)?
SANS Tech Institute
What protocols does SSH (secure shell) encrypt?
SCP, SFTP
According to the video what is the injection attack that "you are most likely to see"? C++ SQL XML html
SQL
Which certification requires 1 year of Computer Security related work experience?
SSCP
The ITIL framework is broken down into two main groups:
Service support, service delivery
Which technology allows users to sign on to a computer or network once, and have their identification and authorization credentials allow them into all computers and systems where they are authorized? Biometrics Multi-factor authentication Single sign-on (SSO) Single-factor authentication
Single sign-on (SSO)
A username and password combination is which type of authentication?
Single-factor
Which of the following is an IDS? WebSecure Snort LogRhythm
Snort
Which of the following are true about a DDOS attack: Software is not installed on the site being attacked. Usually involves a few, very powerful servers that send a lot of traffic to the victim site. The attacker is not after data stored on the site (credit card numbers, SSNs, etc) Involves a botnet which sends a lot of traffic to the victim site.
Software is not installed on the site being attacked. The attacker is not after data stored on the site (credit card numbers, SSNs, etc) Involves a botnet which sends a lot of traffic to the victim site.
What is steganography?
Steganography involves changing the least significant bits of an image's binary to encode hidden messages; we used the Digital Invisible Ink Toolkit to find those messages
In one of the labs you used one of the servers to pivot. Select all that are true about pivoting: It allowed us to discover a different network than the one we were on. It allowed us to perform a man-in-the-middle attack. It allowed us to discover a server that was on a different subnet than our Kali instance. The server that allowed you to pivot had two network adapters enabled, which connected into two different networks.
The server that allowed you to pivot had two network adapters enabled, which connected into two different networks. It allowed us to discover a different network than the one we were on. It allowed us to discover a server that was on a different subnet than our Kali instance.
What is a characteristic of analog communications? They are resistant to errors. They have unlimited bandwidth. They are resistant to electrical interference and noise. They are slow.
They are slow.
In a Kerberos system, the client first authenticates with the KDC. Then when it requests access to a particular resource what must it present?
Ticket Granting Ticket (TGT)
According to the lecture TCO stands for: The chosen one Technology commercialization office Total cost of ownership Tempest control officer
Total cost of ownership
All popular programming web technologies are susceptible to XSS. True or False
True
VoIP and data travel over the same network. True or False?
True
What type of error is false reject rate? Type II error Type 0 error Type III error Type I error
Type I error
What type of error is false accept rate? Type II error Type 0 error Type III error Type I error
Type II error
What technology solution blocks inbound access to internal sites, has anti-virus, and intrusion detection?
UTM
Which of the following is any weakness in a system that makes it possible for a threat to cause it harm? Risk Backdoor Vulnerability Exploit
Vulnerability
What technology solution blocks attempted attacks to internal web servers? DMZ NAT UTM WAF
WAF
Wireless encryption standard that is easily cracked?
WEP
Which System Development Life Cycle is more like an assembly line in that it is not very flexible because it doesn't allow you to cycle back through previous steps? Exploratory Waterfall Extreme Iterative
Waterfall
What is the vulnerability associated with CPU states? a. The data is volatile and may be lost when powering down b. When a system crashes, there is a core dump of its internal state. If the core-dump is not secured, then unauthorized users could access it. c. The data may be read by the user. d. System performance may be impacted
When a system crashes, there is a core dump of its internal state. If the core-dump is not secured, then unauthorized users could access it.
How do you string two SQL injection queries together? You would end the first SQL statement with a closing quote (if needed), then a semicolon (to denote the end of the first query), and then the second query with its ending semicolon. You would end the first SQL statement with a closing quote (if needed), then the second query, and finally a -- for the comment. You would end the first SQL statement with a closing quote (if needed), then a semicolon (to denote the end of the first query), then the second query with its ending semicolon, and finally a -- for the comment. You would end the first SQL statement with a closing quote (if needed), then a semicolon (to denote the end of the first query), then a -- for the comment, and then the second query with its ending semicolon.
You would end the first SQL statement with a closing quote (if needed), then a semicolon (to denote the end of the first query), then the second query with its ending semicolon, and finally a -- for the comment.
A certificate authority is: an entity that decrypts messages for an end user a trusted third party that associates an identified end user with a specific private key a trusted third party that controls the sale of domain names to the rightful owner of the name a trusted third party that associates an identified signer with a specific public key
a trusted third party that associates an identified signer with a specific public key
According to Schneier, security includes the following (select all that apply): reality agenda feeling model
all
Which of the following characters would you consider an escape character used for SQL injection (mark all that apply) ' (single quote) = (equals) -- (dash, dash) ; (semicolon)
all
Place the pieces of an information system in the correct order, starting with the highest level (the part that the end-user directly interacts with is #1). operating system utilities computer hardware (memory and CPU) application program
application program utilities operating system computer hardware (memory and CPU)
What is the most common way to fix the problems that OpenVAS discovered?
apply a patch
Because the CPU is the brain of a computer, it and the operating system have multiple layers of self-protection. One mechanism they use is protection rings to separate critical components through boundaries of security controls. Which of the following computer components would be placed in the outermost ring (or layer)?
b. Applications and programs
Which statement is true regarding digital signatures? a. Confidentiality is assured because the receiver's private key is used to encrypt the message. b. Authentication is assured because the sender's private key is used to encrypt the message. c. Confidentiality is assured because the sender's private key is used to encrypt the message. d. Authentication is assured because the receiver's private key is used to encrypt the message.
b. Authentication is assured because the sender's private key is used to encrypt the message.
Which of the following lists the correct five levels of the Capability Maturity Model? a. Initial, Repeatable, Qualified, Managed, Optimizing b. Initial, Repeatable, Defined, Managed, Optimizing c. Initial, Non-repeatable, Defined, Managed, Optimizing d. Initial, Repeatable, Defined, Managed, Custom
b. Initial, Repeatable, Defined, Managed, Optimizing
What does a POS smash-and-grab attack involve? blow up face of ATM and remove cash from inside brute force and malware combination install ATM skimmer smash window and steal cash register
brute force and malware combination
Who is most likely to steal a business's data internally?
cashiers
What "acts as filters between us and reality"?
cognitive biases
What is OpenVAS?
comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices.
What are the three parts to the Information Security Triad?
confidentiality, integrity, availability
What is the name of the "big idea" to obscure the relationship between your real message and the encrypted message? confusion encryption obfuscation diffusion
confusion
What type of error is: false acceptance + false rejection
crossover error
What vulnerability occurs when one process passes pointers to parameters to the OS at the same time another process modifies the parameters? a. Covert channel b. Back door c. Fraggle d. TOC/TOU
d. TOC/TOU
What type of model dictates that all software developers follow a software programming model that uses discrete phases and reviews before the next phase of development is carried out?
d. Waterfall
Policy does NOT include: a. a statement of enterprise beliefs b. a statement of enterprise goals c. senior management input d. list of technologies to use
d. list of technologies to use
Integrity
data corruption and tampering - maintains valid, uncorrupted and accurate info
In the XKCD comic strip, what did Little Bobby Tables do?
dropped the Students table
Confidentiality
eavesdropping and data theft (includes personal data and info and intellectual property)
Approximately 70% of breaches were discovered by: external parties the intrusion detection system an internal IT audit the information security group
external parties
An information security policy does NOT include: authority for information security department recognition of information as an asset of the organization basis for data classification guidelines for how to implement policy
guidelines for how to implement policy
What type of cipher will produce the exact same size ciphertext no matter how large the clear text is?
hash function
A fixed-length value used as a message fingerprint is called a: a. Hash value b. MAC c. Digital signature d. Message value
hash value
A standard: a. spells out the step-by-step process of how the policy will actually be implemented in the environment b. is a statement of enterprise beliefs c. explains how to implement a security package to ensure that it is done in a consistent level of security d. identifies a specific product or mechanism for universal company use
identifies a specific product or mechanism for universal company use
The Zachman Framework a. models confidentiality aspects of a multilevel security b. is used to control access to mitigate conflict of interest in a consulting environment c. addresses subject/program binding d. includes specifications for defining and capturing an architecture
includes specifications for defining and capturing an architecture
According to Schneier, feeling is based on our BLANK, and model is based on BLANK. Options are: reason intuition experience
intuition, reason
The question to ask when making a security decision is: does it have a positive return on investment does it make us safer is it worth the tradeoff is it worth the money
is it worth the tradeoff
Policy does NOT include: senior management input a statement of enterprise beliefs list of technologies to use a statement of enterprise goals
list of technologies to use
According to Bruce Schneier, rare risks are repeated again and again by
newspapers
What is considered the perfect encryption scheme and is unbreakable? a. IDEA b. One-time pad c. PKI d. RSA
one-time pad
From the labs, what tool uses CVEs?
openvas
What group attacks small business retailers?
organized crime
The targets of XSS are: other users file servers email servers databases
other users
According to the video what is the top defense against SQL injection? parameterized queries protected queries sanitized queries super secret queries
parameterized queries
"All authorized users must be allowed to do only their authorized tasks. Unauthorized users must not have access to the company systems or resources."
policy
"All authorized users must be allowed to do only their authorized tasks. Unauthorized users must not have access to the company systems or resources." Policy Guideline Standard Procedure
policy
If a message is encrypted using a public key, what is used to decrypt the message?
private
"All users of Norton anti-viral software will have anti-viral signature files updated weekly. The following procedure is to be followed when updating your anti-virus files every week: ... " is an example of a: policy baseline procedure standard
procedure
The OWASP website ranks the top ten server vulnerabilities ranks the top ten web application vulnerabilities ranks the top ten wireless vulnerabilities ranks the top ten database vulnerabilities
ranks the top ten web application vulnerabilities
According to Bruce Schneier, all of the following are biases in risk perception, except one. Which one? personified risks are perceived to be greater than anonymous risks we tend to exaggerate spectacular and rare risks and downplay common risks real-world risks hold more value than online risks the unknown is perceived to be riskier than the familiar
real-world risks hold more value than online risks
Put the Waterfall Model stages in the correct order. Maintenance Requirements Implementation Design Verification
requirements, design, implementation, verification, maintenance
Which of the following biometric methods obtain the patterns and colors around a person's pupil? Pupil identifier Eye pattern recognition Iris scan Retina pattern
retina ?
What does Schneier call products that make people feel secure, but don't actually do anything? security blanket security theatre security allusion fraudulent marketing
security theatre
What is the name of the Linux file that contains password hashes?
shadow
According to Johnny Long, how do you "suck data off machines with your mind?"
shoulder surf
According to Johnny Long, how do you "suck data off machines with your mind?" shoulder surf install a key logger wait till the year 2045 when our minds will be machines sniff traffic
shoulder surf
What is the network configuration called when the network is configured so that you can only see traffic addressed to your computer (and not all of the other traffic on the network)?
switched
The following steps are taken to ensure that a file that the recipient received was not tampered with (it is the original file sent by the sender).
1. the file is hashed by the sender 2. the hash is encrypted with the sender's private key and sent to the recipient 3. the recipient hashes the file 4. the recipient decrypts the sender's hash with the sender's public key
In the No Tech Hacking video how did they defeat physical security with junk and stuff (related to the touch bar on the door)? 1. they used a paper clip in the key hole to unlock a secured door 2. they went dumpster diving and found old key cards to unlock a secured door 3. they went dumpster diving to search for entry codes to unlock a secured door 4. they used a hanger and wet towel to unlock a secured door
they used a hanger and wet towel to unlock a secured door
When you buy insurance you are:
transferring the risk
What type of cipher rearranges the characters in the plaintext to form the ciphertext? Transposition Caesar Substitution Asymmetric
transposition
The key to protecting assets from the risk of attack is to eliminate or address as many ______ as possible. vulnerabilities threats technologies security policies
vulnerabilities
What does the joke "one, two, three, many" refer to? we are really good at abstraction we are really good at small numbers we are really good at large numbers we are not very good with tropical fruit (apple would have been a better example)
we are really good at small numbers?
What is the name of the tool that you used to analyze network traffic?
wireshark